This script creates a new user and adds the user to a role on the ESX host:
```powershell
# Account to create on the ESX host
$NewUser         = '_New_user_name_'
$NewUserPassword = '_New_user_Password_'
$NewUserDesc     = '_New_user_description_'

# Prompt for the root password and connect directly to the host
$HOSTCredentials = Get-Credential -Credential root
$ESXhost = '_My_ESX_HOST_'
Connect-VIServer $ESXhost -Credential $HOSTCredentials

# Create the local user account and add it to the "users" group
New-VMHostAccount -Id $NewUser -Password $NewUserPassword -Description $NewUserDesc -UserAccount -Server $ESXhost -AssignGroups users

# Build a permission for the new user on the host's root folder
$AuthMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager
$Entity = Get-Folder ha-folder-root | Get-View
$Perm = New-Object VMware.Vim.Permission
$Perm.entity = $Entity.MoRef
$Perm.group = $false          # the principal is a user, not a group
$Perm.principal = $NewUser
$Perm.propagate = $true       # apply to child objects as well
# You can either specify roleID or use the line below if you know the role name.
# $Perm.roleId = ($AuthMgr.RoleList | where {$_.Name -eq "ReadOnly"}).RoleId
$Perm.roleId = -2             # ReadOnly
$AuthMgr.SetEntityPermissions($Entity.MoRef,$Perm)

Disconnect-VIServer -Server $ESXhost -Confirm:$false
```
Here is the list of common roles / role IDs:
```
RoleName                     Label                                    RoleId
--------                     -----                                    ------
NoAccess                     No access                                    -5
Anonymous                    Anonymous                                    -4
View                         View                                         -3
ReadOnly                     Read-only                                    -2
Admin                        Administrator                                -1
VirtualMachinePowerUser      Virtual machine power user (sample)           4
VirtualMachineUser           Virtual machine user (sample)                 5
ResourcePoolAdministrator    Resource pool administrator (sample)          6
VMwareConsolidatedBackupUser VMware Consolidated Backup user (sample)      7
DatastoreConsumer            Datastore consumer (sample)                   8
NetworkConsumer              Network consumer (sample)                     9
```
For the full list of roles in your environment, use this script:
```powershell
$report = @()
$authMgr = Get-View AuthorizationManager
# Collect the name, label and numeric ID of every role defined on the server
foreach ($role in $authMgr.RoleList) {
    $row = "" | Select RoleName, Label, RoleId
    $row.RoleName = $role.Name
    $row.Label = $role.Info.Label
    $row.RoleId = $role.RoleId
    $report += $row
}
$report
```
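After assigning a role, it is worth confirming which principals actually hold which role on the host. The following is an added example, not part of the original post: it resolves each permission's RoleId against the role list and flags Administrator (-1) grants. The function name `Get-PermissionReport` and the sample principals are assumptions; the commented lines at the end show how to feed it live data through the vSphere API method `RetrieveAllPermissions`.

```powershell
# Added example (not from the original post). Get-PermissionReport is a hypothetical helper.
function Get-PermissionReport {
    param(
        [Parameter(Mandatory)] [object[]] $RoleList,     # objects with Name and RoleId
        [Parameter(Mandatory)] [object[]] $Permissions   # objects with Principal, Group, RoleId, Propagate
    )
    # Build a RoleId -> role name lookup
    $roleNames = @{}
    foreach ($role in $RoleList) { $roleNames[[int]$role.RoleId] = $role.Name }

    foreach ($perm in $Permissions) {
        $id   = [int]$perm.RoleId      # normalise string IDs such as "-2"
        $name = '<unknown role>'       # permission may reference a role missing from the list
        if ($roleNames.ContainsKey($id)) { $name = $roleNames[$id] }
        [pscustomobject]@{
            Principal = $perm.Principal
            IsGroup   = [bool]$perm.Group
            RoleId    = $id
            RoleName  = $name
            Propagate = [bool]$perm.Propagate
            IsAdmin   = ($id -eq -1)   # -1 is the Admin role in the table above
        }
    }
}

# Constructed sample data: role IDs come from the table above, principals are invented
$sampleRoles = @(
    [pscustomobject]@{ Name = 'NoAccess'; RoleId = -5 }
    [pscustomobject]@{ Name = 'ReadOnly'; RoleId = -2 }
    [pscustomobject]@{ Name = 'Admin';    RoleId = -1 }
)
$samplePerms = @(
    [pscustomobject]@{ Principal = 'root';       Group = $false; RoleId = -1;   Propagate = $true }
    [pscustomobject]@{ Principal = 'svc-report'; Group = $false; RoleId = '-2'; Propagate = $true }
    [pscustomobject]@{ Principal = 'old-team';   Group = $true;  RoleId = 42;   Propagate = $false }
)

Get-PermissionReport -RoleList $sampleRoles -Permissions $samplePerms |
    Sort-Object IsAdmin -Descending | Format-Table -AutoSize

# Against a live host, after Connect-VIServer:
# $AuthMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager
# Get-PermissionReport -RoleList $AuthMgr.RoleList -Permissions $AuthMgr.RetrieveAllPermissions()
```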